Half of ransomware’s SMB victims pay up